Router Mode (Freebox LiveBox AOL/Neuf/Alice Box)
Most "boxes" (Freebox, LiveBox, AOL Box, Alice Box, Neuf Box, etc.) come with router, NAT and firewall features.
The box takes care of routing data (directing exchanges) between your computers and the Internet. Any additional computer connected to the box can access the
It performs address translation between your local network (LAN) and the Internet in order to "hide" the machines on the LAN.
Even if you have multiple computers, the Internet only sees one IP address, that of your box.
This feature prevents any machine on the Internet from connecting to one of your computers.
Also note that these three functions can be fulfilled by traditional routers (Linksys, NetGear, etc.).
These three functions have the following advantages:
- Facilitate the configuration of the Internet connection (for one computer or several). Not only is the configuration automatic, but there is no modem driver to install.
- Easily share the Internet connection if you have multiple computers.
- Secure all your computers simultaneously (it's useful even if you only have one computer!). All computers on your local network will be protected against incoming connections even if they have no personal firewall like ZoneAlarm.
If you already have a firewall
Personal firewalls (ZoneAlarm, Kerio, Sygate, Look'n Stop ...) are not fail-proof. If a flaw (a vulnerability) is discovered, it is possible in some cases for an attacker to disable your firewall remotely by making it crash (this has happened with Kerio).
The firewall on your box will act as a first line of defense by preventing hackers from connecting to your personal firewall to try to crash it.
Some viruses or trojans are able to disable personal firewalls. If this happens to your computer, the firewall on your box will continue to protect you from incoming connections.
The firewall on the box also protects the computer during installation (or reinstallation) of Windows.
Otherwise, your computer will be infected before you have even had time to install the latest security updates.
Should I discard my personal firewall?
A personal firewall is still needed! The firewall on your box does not monitor outbound connections, that is to say it does not control what the software on your computer may send to the Internet. Only a personal firewall can achieve this!
And the firewall from Windows XP?
The Windows XP firewall has the same disadvantage as the one on your box. It is therefore recommended:
- To activate the firewall on your box.
- To install a personal firewall (ZoneAlarm, Sygate, Kerio ...)
- To disable the firewall in Windows XP.
Differences between the router and normal mode of a "box"?
Without the router/firewall/NAT mode
Your computer is directly accessible from the Internet: anyone can try to connect to it. Your computer has a public IP address (visible from the Internet).
In addition, if you want to share your Internet connection with other computers, you have to leave that computer on.
With the router/firewall/NAT mode
Your computer is then assigned a private IP address (LAN: 192.168.x.x or 10.0.0.x). The box acts as an intermediary between your LAN and the Internet. Direct connection from the Internet to your computer is no longer possible without port forwarding (see below).
As you can see, your box then has two IP addresses:
A public IP address (18.104.22.168) for the Internet and a private IP address (192.168.0.254) for your LAN.
Connecting a second computer (with a hub or switch) is no problem: the box will take it into account automatically.
Can I put a server on my PC?
Normally, the box will block any attempt to connect to your computer, which effectively prevents users from accessing your server.
But this is not a big problem: most boxes are configurable and allow you to set up port forwarding, which gives access to a port of a computer on the internal network through the box.
For example, it is possible to configure port forwarding to allow access to a web server installed on a computer on your network (e.g. 192.168.0.2, port 80) via port 80 of the box (public IP). When a connection is initiated on that port, the box will redirect incoming traffic to port 80 on the server (192.168.0.2).
This port forwarding works for any service that uses a port (FTP, SSH, POP or IMAP server, etc.). This is the principle to follow to use Peer-to-Peer software or other software that needs to run in "server" mode: FTP, IRC, online games, chat, VNC, etc.
Simply look in the documentation of your box to see if it's possible to activate these features and how to proceed!
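The behaviour described above (one public address for the whole LAN, incoming connections blocked unless a port is forwarded) can be followed in this small simulation, which is an added example and not part of the original article. The `Box` class, the public address 203.0.113.10, the remote hosts and the rule that a reply must come from the contacted host are assumptions made for the illustration; real boxes differ in the details.

```python
# Toy model of a box in router/NAT/firewall mode (illustration, not a real box's code).
import itertools

PUBLIC_IP = "203.0.113.10"  # constructed placeholder for the box's public address


class Box:
    def __init__(self):
        self.forwards = {}   # public port -> (LAN ip, LAN port), configured by the user
        self.sessions = {}   # public port -> (LAN ip, LAN port, remote ip, remote port)
        self._ports = itertools.count(50000)  # pool of public source ports

    def add_port_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN machine opens a connection: its source is rewritten to the public IP."""
        public_port = next(self._ports)
        self.sessions[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (PUBLIC_IP, public_port)  # what the Internet host sees

    def inbound(self, remote_ip, remote_port, public_port):
        """Packet arriving on the public IP: return the LAN destination, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                  # reply to a connection started from the LAN
        if public_port in self.forwards:
            return self.forwards[public_port]   # explicit port forwarding rule
        return None                             # unsolicited: nothing on the LAN is reachable


def demo():
    box = Box()
    seen = box.outbound("192.168.0.3", 40000, "198.51.100.7", 443)
    results = {
        "seen_by_internet": seen,
        "reply": box.inbound("198.51.100.7", 443, seen[1]),
        "other_host_same_port": box.inbound("198.51.100.99", 443, seen[1]),
        "port80_before": box.inbound("198.51.100.99", 51515, 80),
    }
    box.add_port_forward(80, "192.168.0.2", 80)  # the web server example from the text
    results["port80_after"] = box.inbound("198.51.100.99", 51515, 80)
    results["port22_after"] = box.inbound("198.51.100.99", 51515, 22)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Once the rule is added, port 80 is reachable by any Internet host while every other port stays closed, so only the forwarded service is exposed.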
Original article published by sebsauvage. Translated by deri58